Large software vendors, global defense contractors and organizations operating in hyper regulated markets must meet very specific government cybersecurity requirements. These requirements include ensuring data sovereignty as well as compliance with specific standards like FedRAMP or ITSG-33 in the US and Canada respectively. The rapid emergence of data sovereignty requirements are driving the increased need for “in-region” deployments that provide the ability to contain the data within a pre-specified area. External connections to corporate services, other SaaS services, or other systems cause the assessors to take a real hard look at data flows. This scrutiny and extra due diligence can slow down the accreditation process. These unique constraints create challenges for large global organizations looking to meet complex regulatory requirements in a cost-effective manner.
This problem can be solved by using an “in-boundary” security and compliance model that limits the number of external connections and delivers a “region-gapped” service.
stackArmor’s cloud, compliance and security specialists pioneered the concept of “in-boundary” security and compliance deployments. There are multiple benefits to using an “in-boundary” deployment model:
We launched the ThreatAlert® Security Platform in 2018 to deliver 18 plus security services directly mapped to NIST controls. The ThreatAlert® Security Platform is installed within the customers boundary ensuring that no data ever leaves the environment. This “in-boundary” deployment model uniquely accelerates ATO’s. We have successfully deployed the ThreatAlert® Security Platform to accelerate ATO’s at District of Columbia’s Health Benefits Exchange (DC-HBX), Department of Education, Department of Justice and numerous Cloud Service Providers (CSP) looking for FedRAMP accreditation.
Today, we are excited to share our success in further accelerating the deployment of FedRAMP, FISMA/RMF, CMMC 2.0 and DOD compliant environments with the stackArmor ATO Machine (ATOM). stackArmor ATO Machine (ATOM) leverages platform-as-code to “shift-left” complex security service installation, configuration and operationalization tasks. stackArmor ATO Machine (ATOM) is the “deployment vehicle” for the ThreatAlert® Security Platform that stitches together discrete native and non-native services to deliver a highly operationally ready and auditable environment. The combination of stackArmor ATO Machine (ATOM) and ThreatAlert® Security Platform deliver a ready-made solution for organizations looking to deploy compliant platforms – faster!
What is Platform-As-Code (PaC)?
Platform-as-code (PaC) is a new paradigm for developing opinionated platforms that meet specific business and security requirements. PaC uses software development principles of modularity, abstraction, and maintainability. The result is greater rigor, consistency and standardization across the enterprise for deploying infrastructure and security services thereby saving time, money and avoiding costly mistakes.
It is important to note that PaC is a mission use-case driven approach to deliver an auditable and compliant platform that includes infrastructure, security and continuous monitoring services. PaC builds on the foundational services enabled by infrastructure-as-code (IaC). In many ways, PaC starts where IaC stops, to further automate the installation, configuration and operationalization of higher order servicses required for compliant environments. With platform-as-code (PaC) we can build “apps”, which can then be readily deployed or instantiated to deliver PaaS. A large organization can construct many “apps” – one for FedRAMP, another for HIPAA and a third for Canada’s ITSG-33 as an example. Platform-as-code enables greater consistency, auditability and flexibility through well known software development practices like abstractions, encapsulation, inheritance, as well as a rigorous SDLC to ensure a solid product. A large part of this transition has been enabled by the arrival of the AWS CDK (Cloud Development Kit) as well as automation services like AWS Control Tower and Compliant Framework for Federal and DOD Workloads.
Introducing stackArmor ATO Machine (ATOM)
stackArmor ATOM is a faster, consistent, repeatable way to deploy an AWS Landing Zone and stackArmor’s ThreatAlert® Security Platform in AWS Regions. Leveraging the AWS CDK, our ATOM platform-as-code implementation accelerates the technical deployment of our “in-boundary” ThreatAlert® solution, reducing implementation time by up to 60%. By leveraging ATOM, global ISV’s and customers looking to offer accredited cloud services across AWS regions can develop a standardized and compliant platform that can be easily deployed and maintained.
stackArmor ATOM provides DOD/DISA and NIST control driven services such as:
stackArmor ATOM builds upon AWS IaC best practices such as AWS Organizations and Service Control Policies (SCP) to centrally manage and orchestrate security posture of all workloads in the Landing Zone. stackArmor ATOM platform-as-code builds upon the AWS native automation frameworks and services such as Compliant Framework for Federal and DOD Workloads. Key capabilities include:
If you are a DOD/Federal Mission Owner, Global ISV or Defense contractor looking to accelerate your mission while complying with government requirements and maintaining data sovereignty, then connect with us to see how stackArmor ATOM and the ThreatAlert® Security Platform can reduce the time and cost of your project.
Matt Venne, Sr. Director of Solutions Architecture, stackArmor
Ed Bender, Sr. Solutions Architect, stackArmor